Re: Cannot send mail to "some" domains

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

The FQDN box within the SMTP properties should be resolvable from an external
source (as well as internally)...ie, you should be able to ping/connect to
whatever is listed in that box. This is what will get sent back if a domain
performs a Reverse DNS query (such as Earthlink) against your email
domain...at least that is my understanding of this field.

If the name in the box is the same as your new Exchange, did you also change
this in any external DNS records? It could be that the old Exchange record
in DNS (externally/internally) should reflect the new Exchange name...







"aja44" wrote:

Jim,

I am able to run the nslookup tool and get the following results:

from an outside machine:
C:\>nslookup
*** Can't find server name for address 172.16.99.21: Non-existent domain
Default Server: dhcp16.srv.hcvlny.cv.net
Address: 167.206.3.161

mal-ms1.liebertpub.com
Server: dhcp16.srv.hcvlny.cv.net
Address: 167.206.3.161

Non-authoritative answer:
Name: mal-ms1.liebertpub.com
Address: 198.65.193.67

set type=mx
liebertpub.com
Server: dhcp16.srv.hcvlny.cv.net
Address: 167.206.3.161

Non-authoritative answer:
liebertpub.com MX preference = 100, mail exchanger =
liebertpub.com.mail1.psmtp
.com
liebertpub.com MX preference = 200, mail exchanger =
liebertpub.com.mail2.psmtp
.com
liebertpub.com MX preference = 300, mail exchanger =
liebertpub.com.mail3.psmtp
.com
liebertpub.com MX preference = 400, mail exchanger =
liebertpub.com.mail4.psmtp
.com

liebertpub.com nameserver = auth1.dns.cogentco.com
liebertpub.com nameserver = auth2.dns.cogentco.com
liebertpub.com nameserver = auth4.dns.cogentco.com
liebertpub.com nameserver = auth5.dns.cogentco.com
auth1.dns.cogentco.com internet address = 66.28.0.14
auth2.dns.cogentco.com internet address = 66.28.0.30
auth4.dns.cogentco.com internet address = 80.245.32.74
auth5.dns.cogentco.com internet address = 80.91.64.50


From the Exchange Server I get:

mal-ms1.liebertpub.com
Server: mal-dc1.liebertpub.com
Address: 192.168.1.9

Name: mal-ms1.liebertpub.com
Address: 192.168.1.11

set type=mx
liebertpub.com
Server: mal-dc1.liebertpub.com
Address: 192.168.1.9

liebertpub.com
primary name server = mal-dc1.liebertpub.com
responsible mail addr = admin.liebertpub.com
serial = 2732
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

When I go to the new ESM and drill through SMTP on the new Exchange server I
find that the Default SMTP virtual server is up and the FQDN of the new box
is listed and resloves using the DNS button. On the old server the Virtual
SMTP is disabled and the old server names is listed in the Advanced Deliver
Tab.

"Jim" wrote:

yes, from the exchange server or any internal PC, perform an NSLookup.

Open command prompt
c:\nslookup press enter
Default Server: "your server fqdn"
Address: x.x.x.x

set type=mx press enter
"your domain name (internal)" press enter

The output will give you the domain name and MX Preferrence and what
Exchange "believes" it is pointing to....

Are you behind any kind of NAT firewall?

Check the following:
- ESM
- Expand Admin Groups
- Expand Servers
- Expand your server
- Expand Protocols
- Expand SMTP
- select your Default SMTP virtual server, rt. click, properties
- select the Delivry tab
- select the advanced button
- check the Fully-qualified Domain Name box....what is listed here? Was
there something in your 2k box in this same field...if so, do they match, is
one missing, etc.
Also, make sure that "Check DNS" resolves properly to whatever is in this box.




"aja44" wrote:

Jim,

My tech onsite is out until later this evening. I wont be able to get into
the Server and check this until I get home tonight. Do you think this would
be causing certain domains to be blocked? If it was something we hosted
awhile back but not being able to send to earthlink is weird. I am working
on verifying my MX Record and DNS records again. I am thinking it is a
Reverse DNS problem.

Do you know any tips to check and verify that my MX record, DNS record and
reverse DNS lookups are pointing to the new Exchange Server and not the old
one?

Thanks

"Jim" wrote:

no worries...I can hang with you, at least until I have passed on all that I
know to check... : )

To verify:

Open ESM, Expand Recipients, select Recipient Policies, select any of the
policy and rt. click, select properties, on the first tab (General) that
appears, look in to the Filter Rules box and check what is listed. If the
policy is not the Default Policy (ie one that has been created), then you
should see information specific to the mailbox store, server, etc.

You might want to enable Message tracking and then try sending test emails.
Then go to the Tools section in ESM, select message Tracking Center, then
fill out the info on the right, select Find Now...once it returns a set of
results in the white space below, you can click on the result and it will
give you more information as what is happening to the message.

Also, you mentioned that you have a connector to your Old Exchange? Has
that been removed?

The messge track will show you how that message is moving in/out of your
system...and if there is a connector component, it will show up in the
message track info.


"aja44" wrote:

Jim,

I was able to test SMTP from the Exchange server and was able to connect and
send an email. I immediately received the NDR in OWA. I also went into ADUC
and deleted the contact for the user, force replicated between my 2 DC's and
then tried to send an email via OWA to the user and immediately received the
NDR.

I currently find 4 Recipient Policies. One is named for the Organization
and has 8 or 12 SMTP addresses listed and checked. None of which are the
domains I cannot send to. Another is the default policy which just has my
domain's SMTP address along with the X400. The other 2 policies are for Mail
maintenance (one to setup when and the other to exclude 3 users from having
their deleted items deleted). I have run the RUS and has not fixed anything.
I do not know enough about these policies to want to delete them and
recreate them. Is there a utility that I can run to see if the domains I am
having issues sending to are somehow in my system? One of the email
addresses is user@xxxxxxxxxxxxx which I know we dont host that domain so that
may be a moot point.

Since we moved everything from our old server to the new one I have stopped
replication for the Public Folders, moved all the mailboxes, and deleted the
SMTP connector between the two boxes. I do however have the old server still
up and running with Exchange installed on it. I was afraid to take it down
until this was fixed but could this be causing a loop of some kind?

You also mentioned confirming that the recipient policy is applied to the
new server, how can I confirm that?

Thanks again for you time and patience...



"Jim" wrote:

Though the recipient policies are global you must still select the mailboxes
to which the policy will apply. If you have moved the mailboxes, you might
want to verify that the policy is being applied to the Exchange server where
the mailboxes are actually sitting. I do not recall if the settings will
automatically follow the mailboxes...Susan may have the answer to
this...sorry, I don't recall.

The smart host is defined within the properties of the SMTP protocol, which
is server specific. Though this is a moot point, as you have said you do not
use a smart host.

If you are not performing smtp relaying, I have always found it best to
perform smtp tests from the actual Exchange server, as that is the box that
is trying to connect to other mail servers. By performing the test on the
actual Exchange server, you may end up discovering that the problem could be
a network or other issue (Layer 1, Layer 2, layer 3, etc.).

Based on your description it sounds like there is a conflicting address in
your AD (such as a Contact). If you have contacts defined in your ADUC, are
you forwarding them as well? If you find Contacts, as a test...can you
delete them and then try sending to the address?

"aja44" wrote:

Jim,

Thanks for helping...

They are external addresses I am trying to send to. There is no recipent
policy defining any SMTP address for these domains. I am told that a few
years ago one of the domains was on their old server but not any more. I
checked through the default and a domain named Recipient policys and they do
not have the SMTP addresses stated.

And I found 2 of the 3 accounts I have been told email gets bounced back to
have contacts in the AD. I deleted one of them and re-created it and it
still failed.

Thanks,
The Exchange Server is NOT in the DMZ. I do not know what a smarthost is?
This was a working 2000 Exchange server and this problem began after we moved
the mailboxes and Public folders to the new 2003 Exchange Server. But dont
all the Recipient Policies and a smarthost be part of the Domain and not the
individual server? New to Exchange 2003.. :-)



I do not think I tried sending via Telnet on the Exchange server last night.
I did it from my home PC. I do not have the VPN client on the machine I am
on now so will have to try that when I am home tonight. Does that make much
of a difference if I do it from the Exchange server commandline or from any
machine?




"Jim" wrote:

Also, do you have contacts set for any of these users that you are trying to
send to?

"aja44" wrote:

Jim,

Thanks,

I was able to telnet to my server and send email to myself as well as my
personal account via telnet. I still received errors sending this way to the
same domains I was having issues with using OWA or Outlook. I am either
getting the following errors: 5.1.1 or 5.4.6

I deleted the contact in AD for the one user that received the 5.4.6 error
and recreated it. I then received the 5.1.1 error the first few times I
tried to send and then eventually went back to the 5.4.6 error.

HELP PLEASE

"Jim" wrote:

The following has always worked for me when testing:

1. Telnet to server host (FQDN) or IP using port 25
2. type helo (sometimes you may need to type the domain name in addition to
helo)
3. mail from: email address <Enter>
4. rcpt to: email address <Enter>
5. data <Enter>
6. Subject: whatever <Enter>
7. Type message <Enter>
8. <Enter>
9. .
10. <Enter>
11. quit <Enter>


hope this helps,

Jim




"aja44" wrote:

Susan,

I must be doing something wrong because it keeps failing and I tried to
.

Quantcast